Guide in Progress: Building out a home lab

Started by deanwebb, January 06, 2015, 10:45:40 AM

deanwebb

Hello networkers,

We need to put together a guide on how to set up a home lab. I'll edit the OP until we've got something that we feel is ready to post in the Guides section, which makes it a somewhat formal document. I'm starting it and I'll incorporate comments into the OP as they are offered here.

***

BUILDING OUT A HOME LAB


First word of advice to aspiring networkers is that your first home lab really is GNS3. It will do so much for you, all for free. Look up that fine product and how to use it, and you will soon be creating interesting and clever topologies to test out your routing and switching expertise.

That should be all you need for entry-level certifications.

For professional-level certifications and above, however, you will want to handle real equipment, since real equipment can fail in ways that simulated/emulated equipment can't. Those real equipment failures are also things you can experience in real life.

When building out your home lab, avoid purchasing pre-assembled lab kits. That deserves to be in all caps, in fact: AVOID PURCHASING PRE-ASSEMBLED LAB KITS. Often, the equipment is outdated and won't give you the OS versions you need to know for your testing.

For best results, look to online single-piece sales, or ask around your networking friends for good deals. Bearing in mind that there are a number of switches you can get for around $20 and routers for $100 or so, your total outlay will be in the area of $260-$300 for a pair of routers and a few switches. You might get lucky and find more for less. An entry-level firewall, the Cisco ASA 5505, will be around $150-$200 and is well worth the expense if you plan to look into security.
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Any questions? No questions! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

hizzo3

#1
I'd also recommend a small VM box. NUCs are cheap and you can even repurpose many <5yr old PCs for this. Use your favorite hypervisor and get a server running with your fave tftp, snmb and whatever else you want. Great to offload GNS3 dynamips on as well from older laptops like mine. pfSense for firewall and VPN. Add in an eBay IP-switched PDU (got mine for $40) and you even have a remote lab.
Big plus here, you get exposure to VMs and in most cases you learn some Linux. Who in networking couldn't use a little Linux?

vito_corleone

Quote from: hizzo3 on January 06, 2015, 11:33:37 AM
I'd also recommend a small VM box. NUC's are cheap

NUCs are fantastic. I've been running three of them in an ESX cluster for a couple years. I also use the smaller ones as XBMC boxes. I'm probably moving to a couple Shuttles in the future though. The SH87R6 can do 32GB of RAM versus the NUC's max of 16, which means I can run only two boxes and be pretty happy.

RTFM

#3
Dean,

One of my goals this year is to get my CCNA certification.  After reading your post, I started reading GNS3 Getting Started Guide 1.0[1].  In the guide it says,

"However, due to licensing restrictions, you will have to provide your own Cisco IOS's and IOU, to use with GNS3."

My question is, how is one to legally obtain a valid copy of an IOS image?  Also, for the new CCNA, the IOS version is 15. 

I was looking at the Hardware Emulated by GNS3[2].

Would you suggest that I buy one of the routers, say for example a 3725 running IOS v15, on eBay[3], as this is one of the routers listed in [2]? Edit: And use this image to run on GNS3.  /Edit

Thanks


[1]. https://community.gns3.com/servlet/JiveServlet/previewBody/1791-102-1-2066/GNS3%20Getting%20Started%20Guide%201.0%20(1).pdf
[2]. https://community.gns3.com/docs/DOC-1708
[3]. http://www.ebay.com/
show ip route x.x.x.x   % Network not in table

mynd

Last I heard, GNS3 only supports IOS v15 on the 7200 routers. Might want to look to see if it specifically supports v15 before making the purchase.

wintermute000

I confirm above, have labbed 15 on 7200 many times, it is slightly dodgy though 

deanwebb

Hizzo and Vito: can you guys expand on the VM stuff you're talking about? Assume someone has never done a VM box and go from there. Not total step-by-step, but say where to get the steps. That would be good.

RTFM: That is correct, you have to provide your own Cisco IOSes for GNS3. If you own a router that GNS3 emulates, you can use that IOS on GNS3. Site policy will not allow anyone to discuss black market methods of acquiring IOS code on this site. Having said that, the Cisco Learning Forums won't discuss it, either, but they will heartily recommend GNS3.

For legal reasons, we're not going to address the hypocrisy of enthusiastically recommending GNS3 while remaining silent on how to make it useful.

I will say this, though: don't use GNS3 to run production routers, don't try to purchase support for a device you set up in GNS3, and don't sell a device you cooked up in GNS3 on eBay or anything like that. When I worked on putting my home lab together, I had a friend at Cisco help me with stuff that was end-of-life (EOL) and on its way to a dumpster. I had the same three rules when he handed that over to me. I never ran production on them, I never bought support, and I never sold them on eBay, even though some of that stuff would still fetch a big price. Cisco does want to see people get certified, but it's not going to recommend that people find their software for free somewhere, because that's against their business model of selling the stuff.

Has Cisco ever done a swoop on all the people that used their IOS code in GNS3 and sued them, RIAA-style? To my knowledge, no. Will they ever swoop down on someone? If that guy starts selling IOS code out of the back of his car to shady network admins, you betcha, but not because he loaded into a GNS3 for his home lab. Does this mean that NOW I'll tell you where to get the IOS images? No. Site policy is to not post links or information on how to get software through means other than official distribution channels or similarly legal means.

deanwebb

Quote from: wintermute000 on January 06, 2015, 03:10:15 PM
I confirm above, have labbed 15 on 7200 many times, it is slightly dodgy though 
Yes, 15 on the 7200 in GNS3 gave me some headaches. I preferred late 12 code.

SimonV

I love my 1841s - cheap (€ 40), silent and more than fast enough for lab use. Just checked and they should be able to run IOS 15, I'm still running 12.4 though...

deanwebb

Quote from: SimonV on January 06, 2015, 03:16:48 PM
I love my 1841s - cheap (€ 40), silent and more than fast enough for lab use. Just checked and they should be able to run IOS 15, I'm still running 12.4 though...

1841 is my real router of choice.

wintermute000

#10
1.) re: 1841s, see attached  ;D  Runs fine on 15.1M and does full MPLS/MP-BGP.


2.) A VM host is pretty much mandatory in this day and age. To be honest I spent way more time in Cisco CSRs and Juniper Fireflies than my real rack. You can also lab a whole bunch of multi-discipline, multi-vendor stuff ranging from IP PBXs to virtual WAN accelerators to even virtual SBCs nowadays, host a management server for tacacs/syslog/rancid/etc, Active Directory, the list goes on. If I had to do it again, I would not have bought the 1841s and built a breakout rack only with 4 switches going back to my ESXis. But I built this setup 2 years ago, so at least I got some good use out of it.

I run with 2x Dell Optiplex 990s (i5-2400, 16GB, 2x LP dual NIC cards) as the main vSphere hosting cluster, 1x repurposed whitebox (i3-2120, 16GB, dual NIC) as management (AD/vCenter), and a separate iSCSI target running off physical FreeNAS on its own isolated LAN.


I run all the test hosts off dvSwitch VLANs so it doesn't matter if they are on host 1 or host 2. Management hosts (vSphere, AD, Linux) are on a separate whitebox so I can easily break and rebuild the cluster at will without worrying about screwing up my management. I've also kept all management traffic on dedicated standalone vSwitches to eliminate any reliance on dvSwitching and the vCenter.

Note I have modelled off a typical textbook enterprise deployment as I wanted to do VMware labbing not just networking. If you just want to run up virtual hosts then one big ESXi of doom would be easier and cheaper. You can get some insane bang for the buck if you can live with loud power hungry ex-data centre rack monsters (i.e. old servers). Running one mega host also lets you lab VMware via nesting ESXi within ESXi but that obviously brings about its own brand of headaches, caveats and performance issues. I actually sold a mega server that was running such a nested setup and rebuilt the current one outlined below.

skaffen.planetexpress.com.au/virtual-lab.pdf

The only caveat I'd say re: NUCs are great but you can't lab VMware properly on them as you simply cannot install more NICs, and you're going to need extra NICs for things like iSCSI, FT, HA and all the other VMware features. If you don't care about that then it's all gravy.


3.) GNS3 is still good for quick/scenario specific labbing, esp with the convenience of importing someone else's pre-baked topology. A lot of core R&S hasn't changed a lot even if you stick with 12.4T - I can't see much on the RIP, OSPF, EIGRP or BGP topics for IEv5 that specifically requires v15 for example (is there even any?).

4.) If VIRL ever gets Titanium (NX-OS) fully featured and/or switching then it would trump all, but right now, it's basically a fancier version of GNS3 with up-to-date IOS, or an easier to use version of an ESXi loaded with CSRs (that you don't have to blow away every 90 days once the evaluation for advanced services expires).

hizzo3

I'll expand on the VM stuff tonight.
For the IOS stuff, sometimes you can catch EOL stuff on eBay that will still have an IOS loaded. Legally, the only way to get it is through service contracts. Is it part of the service contract that at EOL the company should be wiping the equipment?

wintermute000

Seriously, for labbing who cares about legalities.
Do they want techs to know and evangelise their gear or not? Zero guilt for non-prod usage IMO

hizzo3

Good point. Also just remembered for civil and criminal, damage has to be done - no what ifs. It would be an expensive court case over educational use ;)

Ironman

Luckily my company is overhauling a good deal of its infrastructure and there is a ton of stuff to be had. I got a few 2821s and some 3560s (POE). I'm also using a 2621XM, which is fairly cheap, for the BGP PeerX Project.